1. General information
This Description of file contains the information that is specified in the EU General Data Protection Regulation (hereafter the GDPR) and in the Finnish Personal Data Act to be provided for the a data subject (controller’s customer) and for the super-vising authority.
2. The controller and controller’s contact information
Name: OP-Services Ltd
Street address: Gebhardinaukio 1, 00510, Helsinki
The controller’s contact person: Kim Tikkanen
Telephone: +358 10 252 8564
3. Data Protection Officer’s contact information
OP Financial Group’s Data Protection Officer
OP Financial Group
Postal address: P.O. Box 308, 00013 OP
Email address: firstname.lastname@example.org
4. Personal Data File
Marketing personal data file applying those interested in the Developer Portal channel
5. The purpose of personal data processing, and legal basis for processing
Those interested in the Developer Portal channel can order an info letter through the page, by way of which OP will email up-to-date information on topical matters concerning the developer channel.
The purpose of use of personal data:
Information and communication
6. Personal data groups
|Personal data group||Basic information||Consent|
|Content of group information||Data subject’s name||Consent and prohibitions issued by the data subject governing personal data processing|
|Data subject’s contact information|
7. Recipients or recipient groups of personal data
Any personal data obtained may be used within OP Financial Group as permitted by the law. In addition, personal data may be given, for example, to:
- the authorities in statutory cases
- OP’s suppliers and partners which assist in organising communication and events related to developer cooperation
8. Transfer of personal data
The controller uses suppliers in data processing but no data will be transferred outside of the EU or EEA.
9. Personal data retention period and criteria for determining the period
The data will be retained for three years, after which it will be deleted according to the deletion processes applied by the controller.
The controller may use personal data for direct marketing purposes under applicable legislation, for example by transferring the personal data to a direct marketing personal data file.
10. Personal data sources, and updating personal data
Personal data is collected primarily from the data subjects themselves.
11. Data subject’s rights
Data subjects have the right to receive the controller’s confirmation of whether their personal data is processed or not, or whether they have been processed. If the controller processes a data subject’s personal data, the latter has the right to receive the information in this document and a copy of the personal data being processed or have been processed. The controller may charge a reasonable administrative fee for additional copies requested by the data subject. If the data subject submits a request electronically and has not requested any other form of delivery, the information will be delivered in a commonly used electronic format, provided that the data can be delivered via a secure channel. The data subject also has the right to ask the controller to rectify or delete his/her personal data. When Finland begins applying the Data Protection Regulation, the data subject will have the right in certain cases to ask the controller to restrict the processing of his/her personal data or to otherwise oppose the processing. The data subject may also request transfer of data he/she has provided from a system to another on the basis of the Data Protection Regulation. Data subjects may forbid the processing of their personal data for direct marketing purposes.
All of the above requests must be submitted to the above contact person of the controller.
Data subjects considering that their personal data is not processed legally have the right to file a complaint to the supervising authority.
12. Right to cancel prior consent
If the controller processes the data subject’s personal data on the basis of consent, the data subject has the right to withdraw such consent. Such cancellation may, however, have an effect on the use and functionalities of the service. Cancelling the consent and banning communication must be performed by contacting the controller.
13. Organisation of protection of data file
The controller has protected the data appropriately in technical and organisational terms. The following tools used to protect the filing system include:
- protection of equipment and data files
- access control
- user identity verification
- access rights
- registration of usage events
- processing guidelines and supervision
The controller also requires of its suppliers the appropriate protection of personal data to be processed.